Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Cf-Deployment Security Vulnerabilities - 2018

cve
cve

CVE-2018-1191

Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials.

8.8CVSS

8.3AI Score

0.001EPSS

2018-03-29 08:29 PM
22
cve
cve

CVE-2018-1193

Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.

5.3CVSS

5.2AI Score

0.001EPSS

2018-05-23 03:29 PM
23
cve
cve

CVE-2018-1195

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insuffic...

8.8CVSS

8.7AI Score

0.001EPSS

2018-03-19 06:29 PM
27
4
cve
cve

CVE-2018-1221

In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial...

8.1CVSS

7.9AI Score

0.001EPSS

2018-03-19 06:29 PM
31
cve
cve

CVE-2018-1262

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin...

7.2CVSS

7AI Score

0.001EPSS

2018-05-15 08:29 PM
34
cve
cve

CVE-2018-1265

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego C...

7.2CVSS

6.9AI Score

0.003EPSS

2018-06-06 08:29 PM
27
cve
cve

CVE-2018-1277

Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS agains...

6.5CVSS

6.2AI Score

0.001EPSS

2018-04-30 08:29 PM
27